Essential Check Secures, Prevention Beats Recovery, Treasury Cyber Breach- Cybersecurity News [December 30, 2024]
The New Year is the time for resolutions. Individuals and organizations must focus on cybersecurity and resolve to take proactive steps to prevent cybercrime. Data breaches have become increasingly frequent. With people increasingly using smartphones to access the internet, securing these instruments should be paramount. In the face of rising cyber threats, ensuring robust email security on your devices, such as conducting security checks on Android and iPhones, is a vital step to safeguarding your personal and organizational data from breaches and attacks.
We start this week’s bulletin with a recommended mandatory check that every Android or iPhone user should ensure. This week’s second news item features the precautionary steps one can take during a data breach. Cybercriminals do not recognize any boundaries. We shall discuss the latest attack on the US Treasury Department and President-elect Donald Trump’s response. We round off with the latest cyberattack on Thomas Cook (India), which disrupted its online services recently.
One Mandatory Check Can Secure Your Android And iPhones
The new year has arrived, so everyone can expect a deluge of New Year wishes and messages in their inboxes. Since most people use their Android and iPhones to check their emails, these devices have become more vulnerable to cyberattacks. However, one simple but effective check can secure these instruments and safeguard your data.
- Android smartphone users must use Google’s account security checkup tool for all-around Google account protection. This simple resource ensures better security, including account recovery options, safe internet browsing, sensitive settings, and recent security activity. Google prompts users to conduct these checks at frequent intervals.
- Similarly, iPhone users must run the iPhone safety check, which allows a quick review, updating, and restricting information sharing with individuals and apps. This safety check offers two distinct options: an emergency reset and a management option to review sharing information. Please enable the stolen device protection facility to secure your device.
A little care can bring peace of mind and save your hard-earned money. Start the new year with this resolution.
Prevention is better than cure – This 6-Step Data Breach Recovery Plan
Data breaches have become as common as pickpockets. Despite all the precautions you take, they can happen unannounced. So, one of the crucial New Year resolutions should include adopting this 6-step data breach recovery plan.
- Use tools like “Have I Been Pwned” to check whether your data has been exposed to malicious actors. This will help you determine the extent of the breach and ensure you act swiftly.
- Secure your accounts using robust passwords. If you find them difficult to remember, use password managers like Bitwarden or 1Password. Enabling MFA makes it more challenging for cybercriminals.
- Increase self-awareness by updating your knowledge on distinguishing legitimate data breach notifications from malicious phishing attempts. Be careful of SIM swap threats.
- Use paid identity theft protection services. Filing a report with IdentityTheft.gov helps protect your identity.
- Review your online presence consistently and beware of interacting with people you do not know.
- Know the law and understand that legal and financial recourse is available. Check websites like ClassAction.org for more information about filing lawsuits and compensation claims.
US Treasury Department Data Breach Reported Cybersecurity Incident
The US Treasury Department has reported a significant cybersecurity incident purportedly by international hackers. “Beyond Trust,” a cloud-based service provider, offers technical support for US Treasury Department Office end users. It reported to lawmakers that malicious actors gained access to a key, enabling them to override their security and remotely access US Treasury Department user workstations and certain unclassified documents. Aditi Hardikar, Assistant Secretary for Management (US Treasury Department), has attributed the cybersecurity incident to an international state-sponsored APT actor.
She has not divulged any further details. However, the US Treasury Department engaged CISA immediately and reported the matter to other governing bodies. Besides, they have taken the compromised service offline because they do not know whether the threat actors still have access to the department’s information. Beyond Trust had previously released patches for a critical-severity vulnerability in its Privileged Remote Access and Remote Support products.
President-elect Donald Trump Promises To Come Hard On Cybercriminals.
Donald Trump has always been known as a hard taskmaster when it comes to ensuring US national security. He has taken the attack on the US Treasury Department workstations seriously and vows to punish the perpetrators of the attack, regardless of their nationality. Karoline Leavitt, spokeswoman of the Trump administration-in-transit, has stated that they are committed to imposing severe costs on private and state-sponsored actors who continue to attack US infrastructure and steal data. Though Trump has not named the Chinese specific targets, Beijing has rejected the US’s claims against China without any factual basis.
The Chinese Embassy in Washington has issued a strong statement cautioning the US to stop spreading misinformation about the Chinese and using cybersecurity to slander China. Before this latest incursion, the White House had announced that a state-sponsored Chinese hacking group, Salt Typhoon, had breached nine telecommunication firms in the US.
Thomas Cook (India) Falls Victim To A Cyberattack.
Thomas Cook (India), a primary travel services provider, has reported falling victim to a cyberattack, causing significant disruptions in its IT operations. The company immediately shut down its affected systems and initiated a comprehensive investigation. Besides, they have reported this cyber incident to the Bombay Stock Exchange in their latest regulatory filing without specifying the precise timeline of the attack.
This attack has severely impacted the company’s online customer bookings and services. The website continuously displayed Error 503, which indicates temporary online service unavailability. They have sought the services of cybersecurity experts to support the investigation process, help identify the extent of the damage, and take remedial action. They have informed their customers that they have taken adequate steps to contain the breach, secure their systems, and restore normalcy as soon as possible.